Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Prosím o kontrolu logu a návod na vyčitenie PC

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
witchhammer
Návštěvník
Návštěvník
Příspěvky: 11
Registrován: 08 kvě 2013 23:04

Prosím o kontrolu logu a návod na vyčitenie PC

#1 Příspěvek od witchhammer »

Po inštalácií programu S.U.P.E.R. na konvertovanie mediálnych súborov mi do PC naliezla škodná.
Detekoval som yeadesktop, ktorý sa mi podarilo odstrániť, a tiež dataminer gplyra. Avšak cez Process Explorer vidím, že môj CPU je vyťažovaný na 50% (mám 4-jadro), akonáhle zapnem task manager, tak ten šmejd ukončí aktivitu a cpu vôbec nevyťažuje. Po zavretí task manageru to znova vyletí na 50%. Zistil som, že je to v zložke Temp v adresári WIndows. Názov je gdc97.tmp.exe, keď som to zmazal (nenapadlo ma nič lepšie ako cez unlocker, inak to ani nešlo), objavil sa znova pod názvom g81a4.tmp.exe.
Ďakujem za pomoc

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2017 01
Ran by admin (administrator) on DESKTOP-G9N1UEU (18-06-2017 00:35:48)
Running from D:\Downloads
Loaded Profiles: admin (Available Profiles: admin & roman)
Platform: Windows 10 Enterprise Version 1607 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
(Apple Inc.) C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\runonce.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
() C:\Program Files\Windows Defender\EZ3JEHWVKI1R5QGF4KANOZP51VPABHT3\SaPXkagIHl.exe
() C:\Users\admin\AppData\Roaming\Event Monitor\em.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Windows\Temp\g81A4.tmp.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\sp6\LU\LULnchr.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\Unifying\LU\LULnchr.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\Unifying\LU\LogitechUpdate.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-28] (Microsoft Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3487032 2017-06-12] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM\...\RunOnce: [Lahin_Raw_barra_al3eb_b3id_1N60DIH5] => C:\Program Files\Windows Defender\EZ3JEHWVKI1R5QGF4KANOZP51VPABHT3\SaPXkagIHl.exe [525312 2017-06-17] ()
HKLM-x32\...\RunOnce: [EasyTune] => C:\Program Files (x86)\Gigabyte\EasyTune\etro.exe [5632 2014-08-18] (GIGA-BYTE TECHNOLOGY CO., LTD.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2926868963-1006440680-4167170613-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-06-22] (Disc Soft Ltd)
HKU\S-1-5-21-2926868963-1006440680-4167170613-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation)
HKU\S-1-5-21-2926868963-1006440680-4167170613-1001\...\Run: [iMwq+VM-xD.exe] => C:\Program Files\HandBrake\WSU7LRWTQBD3HR\iMwq+VM-xD.exe [190976 2017-06-17] ()
HKU\S-1-5-21-2926868963-1006440680-4167170613-1001\...\Run: [rFJv7xsvTq.exe] => C:\Program Files\Bethesda Softworks\3SIXAB\rFJv7xsvTq.exe [190976 2017-06-17] ()
HKU\S-1-5-21-2926868963-1006440680-4167170613-1001\...\Run: [Yp8KyZU7a9.exe] => C:\ProgramData\03db811de6ea4c509c9663f7bfed9061\Yp8KyZU7a9.exe [190976 2017-06-17] ()
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
GroupPolicy: Restriction - Windows Defender <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{8fba990b-8693-49c4-8077-8bae38e33d91}: [DhcpNameServer] 192.168.100.1

Internet Explorer:
==================
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-30] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-30] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)

FireFox:
========
FF DefaultProfile: 3204lmgi.default
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3204lmgi.default [2017-06-18]
FF user.js: detected! => C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3204lmgi.default\user.js [2017-04-12]
FF Session Restore: Mozilla\Firefox\Profiles\3204lmgi.default -> is enabled.
FF Extension: (Tables) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3204lmgi.default\Extensions\669206@extcorp.com.xpi [2017-04-12]
FF Extension: (Nepi Jano!) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3204lmgi.default\Extensions\@nepi-jano.xpi [2016-10-23]
FF Extension: (Add to Search Bar) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3204lmgi.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2016-01-22]
FF Extension: (Roomy Bookmarks Toolbar) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3204lmgi.default\Extensions\ALone-live@ya.ru.xpi [2015-10-26]
FF Extension: (Classic Theme Restorer) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3204lmgi.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2016-10-23]
FF Extension: (Element Hiding Helper for Adblock Plus) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3204lmgi.default\Extensions\elemhidehelper@adblockplus.org.xpi [2016-10-23]
FF Extension: (Ghostery) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3204lmgi.default\Extensions\firefox@ghostery.com.xpi [2016-10-23]
FF Extension: (FlashStopper) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3204lmgi.default\Extensions\flashstopper@byo.co.il.xpi [2016-03-29]
FF Extension: (Plain Text Linker) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3204lmgi.default\Extensions\jid1-CeHl9T9miaoK2w@jetpack.xpi [2015-11-06]
FF Extension: (Flash Block Plus) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3204lmgi.default\Extensions\jid1-n8wH2cBfc2QaUj@jetpack.xpi [2016-07-14]
FF Extension: (Nepi Jano!) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3204lmgi.default\Extensions\jid1-ujYo9WP31heSeQ@jetpack.xpi [2015-07-09] [not signed]
FF Extension: (Save Images) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3204lmgi.default\Extensions\LDSI_plashcor@gmail.com.xpi [2016-04-30]
FF Extension: (ScrapBook Plus) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3204lmgi.default\Extensions\scrapbookplus@addons.mozilla.org.xpi [2016-10-23]
FF Extension: (Tree Style Tab) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3204lmgi.default\Extensions\treestyletab@piro.sakura.ne.jp.xpi [2016-06-17] [not signed]
FF Extension: (Undo Closed Tabs Button) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3204lmgi.default\Extensions\undoclosedtabsbutton@supernova00.biz.xpi [2016-10-23]
FF Extension: (Screengrab (fix version)) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3204lmgi.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2016-10-23]
FF Extension: (NoScript) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3204lmgi.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-10-23]
FF Extension: (Password Exporter) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3204lmgi.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2016-04-05]
FF Extension: (Video DownloadHelper) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3204lmgi.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-10-23]
FF Extension: (Adblock Plus) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3204lmgi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-30]
FF Extension: (BetterPrivacy) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3204lmgi.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2016-10-23]
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3204lmgi.default\searchplugins\sfd.xml [2015-07-09]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-16] ()
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-16] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-30] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Bonjour Service; C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2017-04-20] (Apple Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-20] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-20] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [48944 2017-06-12] (Dropbox, Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-06-22] (Disc Soft Ltd)
R2 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16896 2015-04-14] () [File not signed]
S3 HwmRecordService; C:\Program Files (x86)\GIGABYTE\SIV\HwmRecordService.exe [62760 2015-11-12] (GIGA-BYTE TECHNOLOGY CO., LTD.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-07] (Intel Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-11-13] (Microsoft Corporation)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [743616 2015-12-02] (@ByELDI) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-28] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [314016 2017-01-23] ()
R1 cytdsk; C:\WINDOWS\System32\drivers\cytdsk.sys [195496 2017-06-13] ()
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [146856 2015-03-10] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [21928 2015-03-10] (Windows (R) Win 7 DDK provider)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-07-20] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-07-20] (Disc Soft Ltd)
S3 etocdrv; C:\WINDOWS\etocdrv.sys [15584 2013-10-31] (Giga-Byte Technology CO., LTD.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [104912 2007-11-07] (EZB Systems, Inc.)
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [43680 2017-01-23] ()
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S2 SecDrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [12400 2017-03-29] (Macrovision Europe Ltd) [File not signed]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [131144 2017-03-15] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [205440 2017-03-15] (Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 WiserIso; C:\WINDOWS\System32\Drivers\vcdrom.sys [25432 2016-12-27] ()
S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-18 00:33 - 2017-06-18 00:33 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2017-06-18 00:33 - 2017-06-18 00:33 - 00000000 ____D C:\Users\admin\AppData\Roaming\Babylon
2017-06-18 00:33 - 2017-06-18 00:33 - 00000000 ____D C:\Users\admin\AppData\Local\Babylon
2017-06-18 00:33 - 2017-06-18 00:33 - 00000000 ____D C:\ProgramData\Babylon
2017-06-18 00:33 - 2017-06-18 00:33 - 00000000 ____D C:\Program Files\Unlocker
2017-06-18 00:29 - 2017-06-18 00:29 - 00000290 __RSH C:\Users\admin\ntuser.pol
2017-06-18 00:08 - 2017-06-18 00:10 - 00000000 ____D C:\Users\roman\AppData\Roaming\Event Monitor
2017-06-18 00:07 - 2017-06-18 00:07 - 01348104 _____ C:\Users\admin\Documents\cc_20170618_000702.reg
2017-06-17 23:52 - 2017-06-18 00:35 - 00000000 ____D C:\FRST
2017-06-17 23:25 - 2017-06-17 23:25 - 00000000 ____D C:\ProgramData\KZMount
2017-06-17 23:23 - 2017-06-17 23:23 - 00000290 __RSH C:\Users\roman\ntuser.pol
2017-06-17 23:23 - 2017-06-17 23:23 - 00000000 ____D C:\Users\roman\AppData\Roaming\PC Clean Plus
2017-06-17 23:21 - 2017-06-17 23:21 - 00000000 ____D C:\ProgramData\Microleaves
2017-06-17 23:20 - 2017-06-17 23:20 - 00000000 ____D C:\Users\admin\Documents\eRightSoft
2017-06-17 23:18 - 2017-06-18 00:34 - 00003106 _____ C:\WINDOWS\System32\Tasks\RunAtStartup
2017-06-17 23:18 - 2017-06-18 00:34 - 00000000 ____D C:\Users\admin\AppData\Roaming\Event Monitor
2017-06-17 23:18 - 2017-06-17 23:23 - 00000414 _____ C:\WINDOWS\Tasks\Updater_Online_Application.job
2017-06-17 23:18 - 2017-06-17 23:23 - 00000382 _____ C:\WINDOWS\Tasks\Online Application V2G3.job
2017-06-17 23:18 - 2017-06-17 23:23 - 00000382 _____ C:\WINDOWS\Tasks\Online Application V2G2.job
2017-06-17 23:18 - 2017-06-17 23:23 - 00000382 _____ C:\WINDOWS\Tasks\Online Application V2G1.job
2017-06-17 23:18 - 2017-06-17 23:18 - 00930816 _____ C:\Users\admin\AppData\Local\test_db_cara.db
2017-06-17 23:18 - 2017-06-17 23:18 - 00140800 _____ C:\Users\admin\AppData\Local\installer.dat
2017-06-17 23:18 - 2017-06-17 23:18 - 00016846 _____ C:\WINDOWS\System32\Tasks\Krix for Windows 8
2017-06-17 23:18 - 2017-06-17 23:18 - 00016812 _____ C:\WINDOWS\System32\Tasks\Kalency Clock
2017-06-17 23:18 - 2017-06-17 23:18 - 00011568 _____ C:\Users\admin\AppData\Local\InstallationConfiguration.xml
2017-06-17 23:18 - 2017-06-17 23:18 - 00003308 _____ C:\WINDOWS\System32\Tasks\Updater_Online_Application
2017-06-17 23:18 - 2017-06-17 23:18 - 00003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G3
2017-06-17 23:18 - 2017-06-17 23:18 - 00003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G2
2017-06-17 23:18 - 2017-06-17 23:18 - 00003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G1
2017-06-17 23:18 - 2017-06-17 23:18 - 00000528 _____ C:\Users\admin\Desktop\Download 3D.Encode.Engine.exe.url
2017-06-17 23:18 - 2017-06-17 23:18 - 00000454 _____ C:\Users\admin\Desktop\Download 3D.Codecs.Package.url
2017-06-17 23:18 - 2017-06-17 23:18 - 00000000 ____D C:\Users\admin\AppData\Roaming\UCChannel
2017-06-17 23:18 - 2017-06-17 23:18 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microleaves
2017-06-17 23:18 - 2017-06-17 23:18 - 00000000 ____D C:\Users\admin\AppData\Local\AdvinstAnalytics
2017-06-17 23:18 - 2017-06-17 23:18 - 00000000 ____D C:\ProgramData\03db811de6ea4c509c9663f7bfed9061
2017-06-17 23:18 - 2016-12-27 04:34 - 00025432 _____ C:\WINDOWS\system32\Drivers\vcdrom.sys
2017-06-17 23:18 - 2016-05-05 12:23 - 00556216 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avutil-lav-55.dll
2017-06-17 23:18 - 2016-05-05 12:23 - 00537784 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\swscale-lav-4.dll
2017-06-17 23:18 - 2016-05-05 12:23 - 00405176 __RSH (Intel Corp.) C:\WINDOWS\SysWOW64\IntelQuickSyncDecoder.dll
2017-06-17 23:18 - 2016-05-05 12:23 - 00276152 __RSH C:\WINDOWS\SysWOW64\libbluray.dll
2017-06-17 23:18 - 2016-05-05 12:23 - 00000493 __RSH C:\WINDOWS\SysWOW64\LAVFilters.Dependencies.manifest
2017-06-17 23:18 - 2016-05-05 12:22 - 10766520 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avcodec-lav-57.dll
2017-06-17 23:18 - 2016-05-05 12:22 - 01699000 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avformat-lav-57.dll
2017-06-17 23:18 - 2016-05-05 12:22 - 00188088 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avfilter-lav-6.dll
2017-06-17 23:18 - 2016-05-05 12:22 - 00160440 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avresample-lav-3.dll
2017-06-17 23:18 - 2004-10-10 08:50 - 00278528 _____ (Real Networks, Inc) C:\WINDOWS\SysWOW64\pncrt.dll
2017-06-17 23:18 - 2004-07-02 16:33 - 00327749 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\drvc.dll
2017-06-17 23:18 - 2004-04-05 09:31 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2017-06-17 23:18 - 2004-04-05 09:31 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2017-06-17 23:17 - 2017-06-18 00:17 - 00000000 ____D C:\Program Files (x86)\eRightSoft
2017-06-17 23:17 - 2017-06-17 23:18 - 00000000 ____D C:\Users\admin\AppData\Roaming\BrowserModule
2017-06-17 23:17 - 2017-06-17 23:17 - 00000000 ____D C:\Users\Public\Documents\XMUpdate
2017-06-14 22:24 - 2017-06-14 22:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-06-14 22:19 - 2017-06-14 22:19 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-06-14 22:00 - 2017-04-21 23:53 - 00029376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2017-06-14 22:00 - 2017-04-21 23:53 - 00018600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2017-06-14 22:00 - 2017-04-21 23:50 - 00030912 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2017-06-14 22:00 - 2017-04-21 23:50 - 00018592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2017-06-14 22:00 - 2017-04-11 20:27 - 00993632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2017-06-14 22:00 - 2017-04-11 20:27 - 00690008 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2017-06-14 22:00 - 2017-03-15 20:15 - 00987840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2017-06-14 22:00 - 2017-03-15 20:15 - 00485576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2017-06-14 21:51 - 2017-06-03 12:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 21:51 - 2017-06-03 12:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-06-14 21:51 - 2017-06-03 12:16 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-14 21:51 - 2017-06-03 12:14 - 01564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-06-14 21:51 - 2017-06-03 12:14 - 01214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-06-14 21:51 - 2017-06-03 12:14 - 00629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-06-14 21:51 - 2017-06-03 12:14 - 00544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-06-14 21:51 - 2017-06-03 12:14 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 21:51 - 2017-06-03 12:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-06-14 21:51 - 2017-06-03 12:14 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-06-14 21:51 - 2017-06-03 12:14 - 00233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-06-14 21:51 - 2017-06-03 12:14 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-06-14 21:51 - 2017-06-03 12:14 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-06-14 21:51 - 2017-06-03 12:14 - 00096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-06-14 21:51 - 2017-06-03 12:14 - 00034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-06-14 21:51 - 2017-06-03 12:11 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-14 21:51 - 2017-06-03 12:11 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 21:51 - 2017-06-03 12:09 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-14 21:51 - 2017-06-03 12:08 - 07783256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 21:51 - 2017-06-03 12:06 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-14 21:51 - 2017-06-03 12:01 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-14 21:51 - 2017-06-03 11:59 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-14 21:51 - 2017-06-03 11:59 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-14 21:51 - 2017-06-03 11:59 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 21:51 - 2017-06-03 11:58 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-14 21:51 - 2017-06-03 11:55 - 00780640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-06-14 21:51 - 2017-06-03 11:54 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-14 21:51 - 2017-06-03 11:53 - 00404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-14 21:51 - 2017-06-03 11:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-06-14 21:51 - 2017-06-03 11:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-06-14 21:51 - 2017-06-03 11:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-06-14 21:51 - 2017-06-03 11:51 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-14 21:51 - 2017-06-03 11:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-14 21:51 - 2017-06-03 11:50 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-06-14 21:51 - 2017-06-03 11:50 - 00381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-14 21:51 - 2017-06-03 11:49 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 21:51 - 2017-06-03 11:49 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-06-14 21:51 - 2017-06-03 11:49 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-14 21:51 - 2017-06-03 11:48 - 01112416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2017-06-14 21:51 - 2017-06-03 11:48 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-14 21:51 - 2017-06-03 11:48 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-14 21:51 - 2017-06-03 11:48 - 00857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-06-14 21:51 - 2017-06-03 11:48 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-06-14 21:51 - 2017-06-03 11:45 - 22220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-14 21:51 - 2017-06-03 11:44 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-06-14 21:51 - 2017-06-03 11:44 - 01412640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 21:51 - 2017-06-03 11:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 21:51 - 2017-06-03 11:40 - 01566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-14 21:51 - 2017-06-03 11:40 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 21:51 - 2017-06-03 11:39 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 21:51 - 2017-06-03 11:39 - 02532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-14 21:51 - 2017-06-03 11:39 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-14 21:51 - 2017-06-03 11:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 21:51 - 2017-06-03 11:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 21:51 - 2017-06-03 11:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-06-14 21:51 - 2017-06-03 11:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 21:51 - 2017-06-03 11:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-06-14 21:51 - 2017-06-03 11:28 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-06-14 21:51 - 2017-06-03 11:26 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-06-14 21:51 - 2017-06-03 11:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBrokerUI.dll
2017-06-14 21:51 - 2017-06-03 11:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 21:51 - 2017-06-03 11:22 - 07217152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 21:51 - 2017-06-03 11:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-06-14 21:51 - 2017-06-03 11:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll
2017-06-14 21:51 - 2017-06-03 11:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2017-06-14 21:51 - 2017-06-03 11:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-06-14 21:51 - 2017-06-03 11:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-06-14 21:51 - 2017-06-03 11:18 - 22569984 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-14 21:51 - 2017-06-03 11:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-06-14 21:51 - 2017-06-03 11:16 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 21:51 - 2017-06-03 11:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-14 21:51 - 2017-06-03 11:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 21:51 - 2017-06-03 11:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-14 21:51 - 2017-06-03 11:15 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 21:51 - 2017-06-03 11:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 21:51 - 2017-06-03 11:15 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 21:51 - 2017-06-03 11:14 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-14 21:51 - 2017-06-03 11:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-14 21:51 - 2017-06-03 11:14 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 21:51 - 2017-06-03 11:14 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 21:51 - 2017-06-03 11:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll
2017-06-14 21:51 - 2017-06-03 11:11 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-06-14 21:51 - 2017-06-03 11:10 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-06-14 21:51 - 2017-06-03 11:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-06-14 21:51 - 2017-06-03 11:10 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll
2017-06-14 21:51 - 2017-06-03 11:09 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-06-14 21:51 - 2017-06-03 11:09 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll
2017-06-14 21:51 - 2017-06-03 11:09 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-06-14 21:51 - 2017-06-03 11:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 21:51 - 2017-06-03 11:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 21:51 - 2017-06-03 11:08 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-06-14 21:51 - 2017-06-03 11:08 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-14 21:51 - 2017-06-03 11:08 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-06-14 21:51 - 2017-06-03 11:08 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-14 21:51 - 2017-06-03 11:07 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-14 21:51 - 2017-06-03 11:07 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-06-14 21:51 - 2017-06-03 11:07 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll
2017-06-14 21:51 - 2017-06-03 11:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 21:51 - 2017-06-03 11:06 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-06-14 21:51 - 2017-06-03 11:05 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-06-14 21:51 - 2017-06-03 11:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetcfg.dll
2017-06-14 21:51 - 2017-06-03 11:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-14 21:51 - 2017-06-03 11:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 21:51 - 2017-06-03 11:04 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 21:51 - 2017-06-03 11:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 21:51 - 2017-06-03 11:03 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-06-14 21:51 - 2017-06-03 11:02 - 02997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-14 21:51 - 2017-06-03 11:01 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-14 21:51 - 2017-06-03 11:00 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-14 21:51 - 2017-06-03 10:58 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-06-14 21:51 - 2017-06-03 10:56 - 13091840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-14 21:51 - 2017-06-03 10:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-06-14 21:51 - 2017-06-03 10:53 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-14 21:51 - 2017-06-03 10:52 - 03403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-14 21:51 - 2017-06-03 10:52 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-06-14 21:51 - 2017-06-03 10:52 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 21:51 - 2017-06-03 10:52 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-06-14 21:51 - 2017-06-03 10:51 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-06-14 21:51 - 2017-06-03 10:51 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-06-14 21:51 - 2017-06-03 10:50 - 04744704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 21:51 - 2017-06-03 10:50 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-14 21:51 - 2017-06-03 10:49 - 03615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-14 21:51 - 2017-06-03 10:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 21:51 - 2017-06-03 10:49 - 02475520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 21:51 - 2017-06-03 10:49 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-14 21:51 - 2017-06-03 10:49 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 21:51 - 2017-06-03 10:49 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-14 21:51 - 2017-06-03 10:49 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 21:51 - 2017-06-03 10:49 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll
2017-06-14 21:51 - 2017-06-03 10:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-14 21:51 - 2017-06-03 10:48 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-14 21:51 - 2017-06-03 10:48 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 21:51 - 2017-06-03 10:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-06-14 21:51 - 2017-06-03 10:46 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-14 21:51 - 2017-06-03 10:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-14 21:51 - 2017-06-03 08:08 - 00080078 _____ C:\WINDOWS\system32\normidna.nls
2017-06-14 21:51 - 2017-05-25 07:56 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-06-14 21:51 - 2017-03-04 08:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-06-14 21:51 - 2017-03-04 08:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-06-14 21:51 - 2017-03-04 08:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-06-14 21:51 - 2017-03-04 08:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-06-14 21:51 - 2016-09-07 06:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-06-13 04:26 - 2017-06-13 04:26 - 00195496 _____ C:\WINDOWS\system32\Drivers\cytdsk.sys
2017-06-12 13:55 - 2017-06-12 13:55 - 00048944 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-06-12 13:52 - 2017-06-12 13:52 - 00045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-06-12 13:52 - 2017-06-12 13:52 - 00045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-06-12 13:52 - 2017-06-12 13:52 - 00045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-06-09 23:55 - 2017-06-09 23:55 - 00000000 ____D C:\Users\admin\Documents\The KMPlayer
2017-06-07 23:05 - 2017-06-15 23:01 - 00000000 ____D C:\GOG Games
2017-05-19 23:58 - 2017-05-19 23:58 - 00000000 ____D C:\Users\roman\AppData\Roaming\Ubisoft

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-18 00:35 - 2016-07-20 17:06 - 00000000 ____D C:\Users\admin\AppData\Local\ClassicShell
2017-06-18 00:34 - 2016-12-27 02:25 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-18 00:34 - 2016-11-13 20:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-18 00:34 - 2016-11-13 20:42 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-06-18 00:34 - 2016-07-16 08:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2017-06-18 00:33 - 2016-07-25 23:36 - 00026192 _____ (Windows (R) Server 2003 DDK provider) C:\WINDOWS\gdrv.sys
2017-06-18 00:33 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-18 00:32 - 2017-03-01 00:26 - 00000000 ____D C:\Users\admin\AppData\LocalLow\Mozilla
2017-06-18 00:30 - 2016-07-20 18:30 - 00000000 ____D C:\Users\admin\AppData\Local\Dropbox
2017-06-18 00:29 - 2016-11-13 20:43 - 00000000 ____D C:\Users\admin
2017-06-18 00:29 - 2016-07-20 14:05 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-18 00:29 - 2016-07-20 14:05 - 00000000 ____D C:\Users\admin\AppData\Local\Packages
2017-06-18 00:28 - 2016-11-13 20:42 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-18 00:28 - 2016-07-20 15:55 - 00000000 ____D C:\Users\roman\AppData\Local\ClassicShell
2017-06-18 00:27 - 2016-11-22 23:35 - 00000000 ____D C:\Users\roman\AppData\LocalLow\Mozilla
2017-06-18 00:22 - 2016-07-20 14:38 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-18 00:21 - 2016-08-02 22:01 - 01034066 _____ C:\WINDOWS\system32\perfh01B.dat
2017-06-18 00:21 - 2016-08-02 22:01 - 00316388 _____ C:\WINDOWS\system32\perfc01B.dat
2017-06-18 00:21 - 2016-07-20 14:04 - 02861140 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-18 00:20 - 2016-11-13 20:43 - 00000000 ____D C:\Users\roman
2017-06-18 00:15 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\registration
2017-06-18 00:06 - 2016-07-20 17:17 - 00000000 ____D C:\Users\admin\AppData\Roaming\DAEMON Tools Lite
2017-06-17 23:53 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2017-06-17 23:18 - 2017-04-26 21:56 - 00000000 ____D C:\Program Files\Thief - Deadly Shadows
2017-06-17 23:18 - 2016-12-29 23:31 - 00000000 ____D C:\Program Files\HandBrake
2017-06-17 23:18 - 2016-08-02 21:26 - 00000000 ____D C:\Program Files\Bethesda Softworks
2017-06-17 23:18 - 2016-07-20 17:33 - 00003584 __RSH C:\ProgramData\ntuser.pol
2017-06-17 23:18 - 2016-07-16 13:47 - 00000000 ___RD C:\Program Files\Windows Defender
2017-06-17 23:18 - 2015-07-10 13:04 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-06-17 23:02 - 2016-07-25 23:36 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-06-17 11:04 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-16 20:53 - 2016-07-20 17:10 - 00000000 ____D C:\Users\roman\AppData\Roaming\vlc
2017-06-16 20:44 - 2016-07-20 16:20 - 00000646 _____ C:\Users\roman\Desktop\seriály.txt
2017-06-16 11:32 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\rescache
2017-06-16 10:55 - 2016-08-13 23:45 - 00000000 ____D C:\Users\roman\AppData\Roaming\HandBrake
2017-06-14 22:24 - 2016-07-20 18:30 - 00000000 ____D C:\Users\roman\AppData\Local\Dropbox
2017-06-14 22:24 - 2016-07-20 18:30 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-06-14 22:19 - 2016-11-13 20:42 - 00271976 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-14 22:19 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-14 22:19 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-14 22:19 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-14 22:01 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-14 22:00 - 2016-07-20 14:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-10 23:33 - 2016-07-20 18:32 - 00000000 ___RD C:\Users\roman\Dropbox
2017-06-04 22:50 - 2016-11-22 23:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-04 22:50 - 2016-07-20 15:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-03 08:36 - 2016-07-16 13:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-03 08:36 - 2016-07-16 13:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-31 22:27 - 2016-07-20 14:40 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-05-19 23:58 - 2017-05-18 23:08 - 00000000 ____D C:\ProgramData\Ubisoft
2017-05-19 23:49 - 2017-04-12 22:27 - 00000000 ____D C:\Program Files (x86)\Ubisoft

==================== Files in the root of some directories =======

2017-01-28 18:38 - 2013-04-28 15:56 - 0396800 _____ (Codejock Software) C:\Program Files (x86)\ISSkinExW.dll
2017-01-28 18:38 - 2013-05-27 10:32 - 3011584 _____ () C:\Program Files (x86)\walmart.cjstyles
2017-06-17 23:18 - 2017-06-17 23:18 - 0011568 _____ () C:\Users\admin\AppData\Local\InstallationConfiguration.xml
2017-06-17 23:18 - 2017-06-17 23:18 - 0140800 _____ () C:\Users\admin\AppData\Local\installer.dat
2016-07-27 19:42 - 2017-04-08 23:03 - 0007669 _____ () C:\Users\admin\AppData\Local\resmon.resmoncfg
2017-06-17 23:18 - 2017-06-17 23:18 - 0930816 _____ () C:\Users\admin\AppData\Local\test_db_cara.db

Some files in TEMP:
====================
2013-05-10 07:10 - 2013-05-10 07:10 - 0785904 _____ () C:\Users\admin\AppData\Local\Temp\DeltaTB.exe
2017-02-28 23:40 - 2017-02-28 23:40 - 2342632 _____ (CPUID) C:\Users\roman\AppData\Local\Temp\cpuz165.exe
2017-04-01 19:39 - 2017-04-12 21:55 - 0065536 _____ (Sony DADC Austria AG) C:\Users\roman\AppData\Local\Temp\drm_dialogs.dll
2017-04-12 21:56 - 2017-04-12 22:07 - 0208896 _____ (Sony DADC Austria AG) C:\Users\roman\AppData\Local\Temp\drm_dyndata_7340014.dll
2017-01-29 21:54 - 2017-01-29 21:54 - 0739904 _____ (Oracle Corporation) C:\Users\roman\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-04-30 18:04 - 2017-04-30 18:04 - 0739904 _____ (Oracle Corporation) C:\Users\roman\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-02-28 23:40 - 2017-02-28 23:40 - 0106496 _____ () C:\Users\roman\AppData\Local\Temp\pi.exe
2017-06-17 23:23 - 2017-06-18 00:28 - 1444000 _____ (Sysinternals - http://www.sysinternals.com) C:\Users\roman\AppData\Local\Temp\PROCEXP64.exe
2017-04-06 22:22 - 2017-04-06 22:22 - 0109056 _____ () C:\Users\roman\AppData\Local\Temp\remove.exe
2017-04-26 21:57 - 2017-04-26 21:57 - 0012305 _____ () C:\Users\roman\AppData\Local\Temp\SIntf16.dll
2017-04-26 21:57 - 2017-04-26 21:57 - 0020020 _____ () C:\Users\roman\AppData\Local\Temp\SIntf32.dll
2017-04-26 21:57 - 2017-04-26 21:57 - 0024748 _____ () C:\Users\roman\AppData\Local\Temp\SIntfNT.dll
2017-05-18 23:09 - 2017-05-18 23:25 - 3748145 _____ () C:\Users\roman\AppData\Local\Temp\ubi3163.tmp.exe
2017-05-27 13:42 - 2017-05-27 13:42 - 5591040 _____ () C:\Users\roman\AppData\Local\Temp\vlc-2.2.6-win64.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-16 08:37

==================== End of FRST.txt ============================

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118715
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Prosím o kontrolu logu a návod na vyčitenie PC

#2 Příspěvek od Rudy »

Zdravím!
Jak je na tom váš oper. systém s legalitou?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

witchhammer
Návštěvník
Návštěvník
Příspěvky: 11
Registrován: 08 kvě 2013 23:04

Re: Prosím o kontrolu logu a návod na vyčitenie PC

#3 Příspěvek od witchhammer »

Dobrý podvečer, ďakujem za reakciu. Legálny mám Win 8, resp. po update na Win 10 je legálny Win 10 Home. Keďže ma však hneval nemožný management aktualizácií v tomto redmondskom zázraku, tak som siahol po inštalačke Win10 Enterprise, ktorý som aktivoval cez KMS Pico - čo je koniec koncov v tom logu vidieť. Tak sa udialo ešte niekedy v júli minulého roka. Dúfam, že táto šedá kópia OS nebude problém v riešení problému. Popisované problémy začali včera po inštalácií spomínaného S.U.P.E.R - na tej stránke mali pravdu, keď tam písali, že ten program spraví zadarmo viac než iné plateného programy, len ma ani vo sne nenapadlo, ako to mysleli. BTW, teraz, keď som otvoril Firefox, otvorili sa mi tri okná, takže zrejme je napadnutý aj prehliadač. A po spustení mi sa mi zobrazí dialógové okno admina na spustenie nejakého event managera od sys scure PR software llp.
Prosím o pomoc, nerád by som to riešil formátovaním C: a inštaláciou všetkého od základu. Ďakujem

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118715
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Prosím o kontrolu logu a návod na vyčitenie PC

#4 Příspěvek od Rudy »

Bude to problém. Pokud jste četl pravidla, neřešíme nelegální oper. systémy. A to proto, že jsou upravované (právě KMSPico apod.), takže nevíme, jak se takový systém zachová přičištění. Nejsme tu proto, abychom pak opravovali nelegální OS (zkušenost). Lituji.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

witchhammer
Návštěvník
Návštěvník
Příspěvky: 11
Registrován: 08 kvě 2013 23:04

Re: Prosím o kontrolu logu a návod na vyčitenie PC

#5 Příspěvek od witchhammer »

OK, ďakujem, chápem to. Mohli by ste mi dať prosím aspoň vedieť, či - keď odzálohujem svoje dokumenty - budem ich môcť opäť naimportovať do čistej inštalácie OS bez toho, aby došlo k opätovnému zavíreniu ? Profil Firefoxu je už zrejme nepoužiteľný, že ?

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118715
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Prosím o kontrolu logu a návod na vyčitenie PC

#6 Příspěvek od Rudy »

Dokument obvykle nebývá zavirován. Pokud je zazálohujete, budete je moci bez obav nakopírovat zpět. Profil je patrně opravdu nepoužitelný.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

witchhammer
Návštěvník
Návštěvník
Příspěvky: 11
Registrován: 08 kvě 2013 23:04

Re: Prosím o kontrolu logu a návod na vyčitenie PC

#7 Příspěvek od witchhammer »

Ďakujem za reakciu.
Ešte mám na Vás dve otázky.

Prvá k tomu nelegálnemu SW, ale nechcem, aby to vyzeralo, že som drzý. Chápem pravidlá na fóre, priznám sa, nečítal som ich (a kto áno, že ?), že k neleg. OS neposkytujete pomoc. Ale pokiaľ by som si KMS Pico deaktivoval, a OS by som mal v mesačnej lehote, kedy by sa mal aktivovať, technicky vzaté by bol legálny, takže by ste mi pomôcť mohli bez porušenia pravidiel ? Nechcem fakt vyzerať, že prudím, ani tu vyplakávať, ale chodím do práce, mám malé dieťa, a potrebujem súrne robiť na PC - a k preinštalovaniu sa dostanem až niekedy cez víkend (možno). Mám síce ešte jeden NTB, na ňom je však nainštalované Ubuntu (predtým Win 10 Home, ale práve kvôli tým aktualizáciam, ktoré sa spúšťali kedy chceli a poväčšine, keď som potreboval pracovať), takže pre prácu je nepoužiteľné, a na druhom je Win 10 Home (legálny :D ), tak však patrí partnerke a keď malý spí, pozerá na ňom filmy alebo surfuje na webe.
BTW čo som googlil o tým panchartoch, ktorí sa mi nasťahovali do PC, pre istotu som si (na inom PC) zmenil kritické heslá na internet banking, google účet a pod, nakoľko mal medzi nimi byť aj nejaký phisingový nástroj.

Druhá prosba sa týka kontroly logu. Skúsil som použiť Eset Sysinspector a premazať to ručne (napadnutý bol aj súbor hosts). Ten bazmek v temp sa už nespúšťa, ani pri Firefoxe sa už neotvárajú tri okná. Niečo mi našiel aj program Malwarebyte, MS Windows Malicious Software Removal Tool bol opäť ako vždy k ničomu, čosi som musel zmazať za použitia konzoly a príkazov msconfig a services.msc. Okrem pár záznamov registroch sa mi to už zdá byť pomerne čisté (až na ten KMP Pico samozrejme). Windows Defender ani nejdem skúšať, škoda CPU výkonu naň.

Ďakujem, tu je LOG:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-06-2017
Ran by roman (ATTENTION: The user is not administrator) on DESKTOP-G9N1UEU (18-06-2017 21:12:56)
Running from D:\Downloads
Loaded Profiles: admin & roman (Available Profiles: admin & roman)
Platform: Windows 10 Enterprise Version 1607 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> winlogon.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> dwm.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> rundll32.exe
Failed to access process -> atiesrxx.exe
Failed to access process -> igfxCUIService.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> rundll32.exe
Failed to access process -> svchost.exe
Failed to access process -> atieclxx.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> AdjustService.exe
Failed to access process -> DbxSvc.exe
Failed to access process -> MBAMService.exe
Failed to access process -> mdm.exe
Failed to access process -> svchost.exe
Failed to access process -> Service_KMS.exe
Failed to access process -> MsMpEng.exe
Failed to access process -> svchost.exe
Failed to access process -> dasHost.exe
Failed to access process -> svchost.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> svchost.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> PresentationFontCache.exe
Failed to access process -> NisSrv.exe
(Sysinternals - www.sysinternals.com) C:\Program Files (x86)\ProcessExplorer\procexp.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Sysinternals - www.sysinternals.com) C:\Users\roman\AppData\Local\Temp\PROCEXP64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
Failed to access process -> DiscSoftBusServiceLite.exe
(File-New-Project) C:\Program Files\WindowsApps\40459File-New-Project.EarTrumpet_1.4.4.0_x86__1sdd7yawvg6ne\EarTrumpet.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Failed to access process -> WmiPrvSE.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ESET) D:\Downloads\sysinspector_nt64_sky.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) D:\Downloads\Windows-KB890830-x64-V5.49.exe
(Microsoft Corporation) C:\Windows\System32\MRT.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-28] (Microsoft Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3487032 2017-06-12] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\RunOnce: [EasyTune] => C:\Program Files (x86)\Gigabyte\EasyTune\etro.exe [5632 2014-08-18] (GIGA-BYTE TECHNOLOGY CO., LTD.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2926868963-1006440680-4167170613-1002\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-06-22] (Disc Soft Ltd)
HKU\S-1-5-21-2926868963-1006440680-4167170613-1002\...\Run: [HDDHealth] => C:\Program Files (x86)\HDD Health\hddhealth.exe -wl
HKU\S-1-5-21-2926868963-1006440680-4167170613-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [152064 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
GroupPolicy: Restriction - Windows Defender <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{8fba990b-8693-49c4-8077-8bae38e33d91}: [DhcpNameServer] 192.168.100.1

Internet Explorer:
==================
HKU\S-1-5-21-2926868963-1006440680-4167170613-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
URLSearchHook: [S-1-5-21-2926868963-1006440680-4167170613-1001] ATTENTION => Default URLSearchHook is missing
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-30] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-30] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)

FireFox:
========
FF DefaultProfile: 003s7hqj.default
FF DefaultProfile: 4mzpk8bq.default
FF ProfilePath: C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\003s7hqj.default [2017-06-18]
FF Session Restore: Mozilla\Firefox\Profiles\003s7hqj.default -> is enabled.
FF Extension: (Nepi Jano!) - C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\003s7hqj.default\Extensions\@nepi-jano.xpi [2017-01-28]
FF Extension: (Test Pilot) - C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\003s7hqj.default\Extensions\@testpilot-addon.xpi [2017-04-30]
FF Extension: (Add to Search Bar) - C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\003s7hqj.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2016-01-22]
FF Extension: (Roomy Bookmarks Toolbar) - C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\003s7hqj.default\Extensions\ALone-live@ya.ru.xpi [2017-04-30]
FF Extension: (DownThemAll! AntiContainer) - C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\003s7hqj.default\Extensions\anticontainer@downthemall.net.xpi [2017-02-07]
FF Extension: (Classic Theme Restorer) - C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\003s7hqj.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2017-06-16]
FF Extension: (Element Hiding Helper for Adblock Plus) - C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\003s7hqj.default\Extensions\elemhidehelper@adblockplus.org.xpi [2017-04-30]
FF Extension: (Ghostery) - C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\003s7hqj.default\Extensions\firefox@ghostery.com.xpi [2017-06-16]
FF Extension: (FlashStopper) - C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\003s7hqj.default\Extensions\flashstopper@byo.co.il.xpi [2017-03-21]
FF Extension: (Hide Caption Titlebar Plus) - C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\003s7hqj.default\Extensions\hidecaptionplus-dp@dummy.addons.mozilla.org.xpi [2017-06-16]
FF Extension: (Image Picker) - C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\003s7hqj.default\Extensions\ImagePicker@topolog.org [2017-02-05]
FF Extension: (Plain Text Linker) - C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\003s7hqj.default\Extensions\jid1-CeHl9T9miaoK2w@jetpack.xpi [2015-11-06]
FF Extension: (Flash Block (Plus)) - C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\003s7hqj.default\Extensions\jid1-n8wH2cBfc2QaUj@jetpack.xpi [2017-01-30]
FF Extension: (Save Images) - C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\003s7hqj.default\Extensions\LDSI_plashcor@gmail.com.xpi [2017-04-30]
FF Extension: (ScrapBook Plus) - C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\003s7hqj.default\Extensions\scrapbookplus@addons.mozilla.org.xpi [2016-12-03]
FF Extension: (Tab Center) - C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\003s7hqj.default\Extensions\tabcentertest1@mozilla.com.xpi [2017-04-30]
FF Extension: (Tab Tree) - C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\003s7hqj.default\Extensions\TabsTree@traxium.xpi [2017-03-13]
FF Extension: (Tree Style Tab) - C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\003s7hqj.default\Extensions\treestyletab@piro.sakura.ne.jp.xpi [2017-06-16]
FF Extension: (Undo Closed Tabs Button) - C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\003s7hqj.default\Extensions\undoclosedtabsbutton@supernova00.biz.xpi [2016-08-25]
FF Extension: (Screengrab (fix version)) - C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\003s7hqj.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2017-06-16]
FF Extension: (NoScript) - C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\003s7hqj.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-06-16]
FF Extension: (ReloadEvery) - C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\003s7hqj.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2016-12-12]
FF Extension: (Password Exporter) - C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\003s7hqj.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2017-03-21]
FF Extension: (Video DownloadHelper) - C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\003s7hqj.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-06-16]
FF Extension: (Adblock Plus) - C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\003s7hqj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-16]
FF Extension: (BetterPrivacy) - C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\003s7hqj.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2016-12-03]
FF Extension: (DownThemAll!) - C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\003s7hqj.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2017-02-07]
FF SearchPlugin: C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\003s7hqj.default\searchplugins\sfd.xml [2015-07-09]
FF ProfilePath: C:\Users\roman\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\4mzpk8bq.default [2017-03-13]
FF DefaultSearchEngine: Moonchild Productions\Pale Moon\Profiles\4mzpk8bq.default -> Google
FF SearchPlugin: C:\Users\roman\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\4mzpk8bq.default\searchplugins\youtube.xml [2017-03-13]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-16] ()
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-16] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-30] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-2926868963-1006440680-4167170613-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Bonjour Service; C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2017-04-20] (Apple Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-20] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-20] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [48944 2017-06-12] (Dropbox, Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-06-22] (Disc Soft Ltd)
R2 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16896 2015-04-14] () [File not signed]
S3 HwmRecordService; C:\Program Files (x86)\GIGABYTE\SIV\HwmRecordService.exe [62760 2015-11-12] (GIGA-BYTE TECHNOLOGY CO., LTD.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-07] (Intel Corporation)
R3 lmhosts; C:\WINDOWS\System32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R3 lmhosts; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NlaSvc; C:\WINDOWS\System32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 NlaSvc; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 nsi; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 nsi; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-11-13] (Microsoft Corporation)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [743616 2015-12-02] (@ByELDI) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-28] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [314016 2017-01-23] ()
R1 cytdsk; C:\WINDOWS\System32\drivers\cytdsk.sys [195496 2017-06-13] ()
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [146856 2015-03-10] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [21928 2015-03-10] (Windows (R) Win 7 DDK provider)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-07-20] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-07-20] (Disc Soft Ltd)
R3 esihdrv; C:\Users\admin\AppData\Local\Temp\esihdrv.sys [191664 2017-06-18] (ESET) <==== ATTENTION
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-05-25] ()
S3 etocdrv; C:\WINDOWS\etocdrv.sys [15584 2013-10-31] (Giga-Byte Technology CO., LTD.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [104912 2007-11-07] (EZB Systems, Inc.)
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [43680 2017-01-23] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188312 2017-06-18] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-06-18] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [44960 2017-06-18] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [252832 2017-06-18] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-06-18] (Malwarebytes)
R1 MpKsl09574feb; C:\WINDOWS\system32\MpEngineStore\MpKsl09574feb.sys [44928 2017-06-18] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S2 SecDrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [12400 2017-03-29] (Macrovision Europe Ltd) [File not signed]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [131144 2017-03-15] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [205440 2017-03-15] (Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 WiserIso; C:\WINDOWS\System32\Drivers\vcdrom.sys [25432 2016-12-27] ()
S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-18 20:39 - 2017-06-18 20:39 - 00000828 _____ C:\WINDOWS\system32\Drivers\etc\hosts.txt
2017-06-18 20:36 - 2017-06-17 23:18 - 00002552 _____ C:\WINDOWS\system32\Drivers\etc\hosts – kópia.txt
2017-06-18 20:22 - 2017-06-18 20:41 - 00000000 ____D C:\WINDOWS\system32\MpEngineStore
2017-06-18 20:05 - 2017-06-18 20:57 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-06-18 20:05 - 2017-06-18 20:57 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-06-18 20:05 - 2017-06-18 20:57 - 00044960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-06-18 20:05 - 2017-06-18 20:05 - 00188312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-06-18 20:04 - 2017-06-18 20:57 - 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-18 20:04 - 2017-06-18 20:04 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-18 20:04 - 2017-06-18 20:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-18 20:04 - 2017-06-18 20:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-18 20:04 - 2017-06-18 20:04 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-18 20:04 - 2017-05-25 11:58 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-06-18 00:33 - 2017-06-18 20:35 - 00000000 ____D C:\Program Files\Unlocker
2017-06-18 00:33 - 2017-06-18 00:33 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2017-06-18 00:33 - 2017-06-18 00:33 - 00000000 ____D C:\Users\admin\AppData\Roaming\Babylon
2017-06-18 00:33 - 2017-06-18 00:33 - 00000000 ____D C:\ProgramData\Babylon
2017-06-18 00:29 - 2017-06-18 00:29 - 00000290 __RSH C:\Users\admin\ntuser.pol
2017-06-18 00:08 - 2017-06-18 00:10 - 00000000 ____D C:\Users\roman\AppData\Roaming\Event Monitor
2017-06-18 00:07 - 2017-06-18 00:07 - 01348104 _____ C:\Users\admin\Documents\cc_20170618_000702.reg
2017-06-17 23:52 - 2017-06-18 21:12 - 00000000 ____D C:\FRST
2017-06-17 23:23 - 2017-06-17 23:23 - 00000290 __RSH C:\Users\roman\ntuser.pol
2017-06-17 23:20 - 2017-06-17 23:20 - 00000000 ____D C:\Users\admin\Documents\eRightSoft
2017-06-17 23:18 - 2017-06-18 20:09 - 00000000 ____D C:\Users\admin\AppData\Roaming\UCChannel
2017-06-17 23:18 - 2017-06-18 20:05 - 00000000 ____D C:\ProgramData\03db811de6ea4c509c9663f7bfed9061
2017-06-17 23:18 - 2017-06-17 23:18 - 00930816 _____ C:\Users\admin\AppData\Local\test_db_cara.db
2017-06-17 23:18 - 2017-06-17 23:18 - 00140800 _____ C:\Users\admin\AppData\Local\installer.dat
2017-06-17 23:18 - 2017-06-17 23:18 - 00016846 _____ C:\WINDOWS\System32\Tasks\Krix for Windows 8
2017-06-17 23:18 - 2017-06-17 23:18 - 00016812 _____ C:\WINDOWS\System32\Tasks\Kalency Clock
2017-06-17 23:18 - 2017-06-17 23:18 - 00011568 _____ C:\Users\admin\AppData\Local\InstallationConfiguration.xml
2017-06-17 23:18 - 2017-06-17 23:18 - 00000528 _____ C:\Users\admin\Desktop\Download 3D.Encode.Engine.exe.url
2017-06-17 23:18 - 2017-06-17 23:18 - 00000454 _____ C:\Users\admin\Desktop\Download 3D.Codecs.Package.url
2017-06-17 23:18 - 2017-06-17 23:18 - 00000000 ____D C:\Users\admin\AppData\Local\AdvinstAnalytics
2017-06-17 23:18 - 2016-12-27 04:34 - 00025432 _____ C:\WINDOWS\system32\Drivers\vcdrom.sys
2017-06-17 23:18 - 2016-05-05 12:23 - 00556216 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avutil-lav-55.dll
2017-06-17 23:18 - 2016-05-05 12:23 - 00537784 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\swscale-lav-4.dll
2017-06-17 23:18 - 2016-05-05 12:23 - 00405176 __RSH (Intel Corp.) C:\WINDOWS\SysWOW64\IntelQuickSyncDecoder.dll
2017-06-17 23:18 - 2016-05-05 12:23 - 00276152 __RSH C:\WINDOWS\SysWOW64\libbluray.dll
2017-06-17 23:18 - 2016-05-05 12:23 - 00000493 __RSH C:\WINDOWS\SysWOW64\LAVFilters.Dependencies.manifest
2017-06-17 23:18 - 2016-05-05 12:22 - 10766520 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avcodec-lav-57.dll
2017-06-17 23:18 - 2016-05-05 12:22 - 01699000 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avformat-lav-57.dll
2017-06-17 23:18 - 2016-05-05 12:22 - 00188088 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avfilter-lav-6.dll
2017-06-17 23:18 - 2016-05-05 12:22 - 00160440 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avresample-lav-3.dll
2017-06-17 23:18 - 2004-10-10 08:50 - 00278528 _____ (Real Networks, Inc) C:\WINDOWS\SysWOW64\pncrt.dll
2017-06-17 23:18 - 2004-07-02 16:33 - 00327749 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\drvc.dll
2017-06-17 23:18 - 2004-04-05 09:31 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2017-06-17 23:18 - 2004-04-05 09:31 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2017-06-17 23:17 - 2017-06-18 00:17 - 00000000 ____D C:\Program Files (x86)\eRightSoft
2017-06-17 23:17 - 2017-06-17 23:17 - 00000000 ____D C:\Users\Public\Documents\XMUpdate
2017-06-14 22:24 - 2017-06-14 22:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-06-14 22:19 - 2017-06-14 22:19 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-06-14 22:00 - 2017-04-21 23:53 - 00029376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2017-06-14 22:00 - 2017-04-21 23:53 - 00018600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2017-06-14 22:00 - 2017-04-21 23:50 - 00030912 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2017-06-14 22:00 - 2017-04-21 23:50 - 00018592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2017-06-14 22:00 - 2017-04-11 20:27 - 00993632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2017-06-14 22:00 - 2017-04-11 20:27 - 00690008 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2017-06-14 22:00 - 2017-03-15 20:15 - 00987840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2017-06-14 22:00 - 2017-03-15 20:15 - 00485576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2017-06-14 21:51 - 2017-06-03 12:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 21:51 - 2017-06-03 12:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-06-14 21:51 - 2017-06-03 12:16 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-14 21:51 - 2017-06-03 12:14 - 01564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-06-14 21:51 - 2017-06-03 12:14 - 01214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-06-14 21:51 - 2017-06-03 12:14 - 00629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-06-14 21:51 - 2017-06-03 12:14 - 00544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-06-14 21:51 - 2017-06-03 12:14 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 21:51 - 2017-06-03 12:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-06-14 21:51 - 2017-06-03 12:14 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-06-14 21:51 - 2017-06-03 12:14 - 00233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-06-14 21:51 - 2017-06-03 12:14 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-06-14 21:51 - 2017-06-03 12:14 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-06-14 21:51 - 2017-06-03 12:14 - 00096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-06-14 21:51 - 2017-06-03 12:14 - 00034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-06-14 21:51 - 2017-06-03 12:11 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-14 21:51 - 2017-06-03 12:11 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 21:51 - 2017-06-03 12:09 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-14 21:51 - 2017-06-03 12:08 - 07783256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 21:51 - 2017-06-03 12:06 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-14 21:51 - 2017-06-03 12:01 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-14 21:51 - 2017-06-03 11:59 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-14 21:51 - 2017-06-03 11:59 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-14 21:51 - 2017-06-03 11:59 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 21:51 - 2017-06-03 11:58 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-14 21:51 - 2017-06-03 11:55 - 00780640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-06-14 21:51 - 2017-06-03 11:54 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-14 21:51 - 2017-06-03 11:53 - 00404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-14 21:51 - 2017-06-03 11:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-06-14 21:51 - 2017-06-03 11:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-06-14 21:51 - 2017-06-03 11:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-06-14 21:51 - 2017-06-03 11:51 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-14 21:51 - 2017-06-03 11:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-14 21:51 - 2017-06-03 11:50 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-06-14 21:51 - 2017-06-03 11:50 - 00381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-14 21:51 - 2017-06-03 11:49 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 21:51 - 2017-06-03 11:49 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-06-14 21:51 - 2017-06-03 11:49 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-14 21:51 - 2017-06-03 11:48 - 01112416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2017-06-14 21:51 - 2017-06-03 11:48 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-14 21:51 - 2017-06-03 11:48 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-14 21:51 - 2017-06-03 11:48 - 00857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-06-14 21:51 - 2017-06-03 11:48 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-06-14 21:51 - 2017-06-03 11:45 - 22220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-14 21:51 - 2017-06-03 11:44 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-06-14 21:51 - 2017-06-03 11:44 - 01412640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 21:51 - 2017-06-03 11:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 21:51 - 2017-06-03 11:40 - 01566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-14 21:51 - 2017-06-03 11:40 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 21:51 - 2017-06-03 11:39 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 21:51 - 2017-06-03 11:39 - 02532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-14 21:51 - 2017-06-03 11:39 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-14 21:51 - 2017-06-03 11:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 21:51 - 2017-06-03 11:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 21:51 - 2017-06-03 11:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-06-14 21:51 - 2017-06-03 11:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 21:51 - 2017-06-03 11:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-06-14 21:51 - 2017-06-03 11:28 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-06-14 21:51 - 2017-06-03 11:26 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-06-14 21:51 - 2017-06-03 11:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBrokerUI.dll
2017-06-14 21:51 - 2017-06-03 11:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 21:51 - 2017-06-03 11:22 - 07217152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 21:51 - 2017-06-03 11:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-06-14 21:51 - 2017-06-03 11:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll
2017-06-14 21:51 - 2017-06-03 11:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2017-06-14 21:51 - 2017-06-03 11:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-06-14 21:51 - 2017-06-03 11:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-06-14 21:51 - 2017-06-03 11:18 - 22569984 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-14 21:51 - 2017-06-03 11:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-06-14 21:51 - 2017-06-03 11:16 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 21:51 - 2017-06-03 11:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-14 21:51 - 2017-06-03 11:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 21:51 - 2017-06-03 11:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-14 21:51 - 2017-06-03 11:15 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 21:51 - 2017-06-03 11:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 21:51 - 2017-06-03 11:15 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 21:51 - 2017-06-03 11:14 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-14 21:51 - 2017-06-03 11:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-14 21:51 - 2017-06-03 11:14 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 21:51 - 2017-06-03 11:14 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 21:51 - 2017-06-03 11:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll
2017-06-14 21:51 - 2017-06-03 11:11 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-06-14 21:51 - 2017-06-03 11:10 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-06-14 21:51 - 2017-06-03 11:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-06-14 21:51 - 2017-06-03 11:10 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll
2017-06-14 21:51 - 2017-06-03 11:09 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-06-14 21:51 - 2017-06-03 11:09 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll
2017-06-14 21:51 - 2017-06-03 11:09 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-06-14 21:51 - 2017-06-03 11:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 21:51 - 2017-06-03 11:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 21:51 - 2017-06-03 11:08 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-06-14 21:51 - 2017-06-03 11:08 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-14 21:51 - 2017-06-03 11:08 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-06-14 21:51 - 2017-06-03 11:08 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-14 21:51 - 2017-06-03 11:07 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-14 21:51 - 2017-06-03 11:07 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-06-14 21:51 - 2017-06-03 11:07 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll
2017-06-14 21:51 - 2017-06-03 11:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 21:51 - 2017-06-03 11:06 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-06-14 21:51 - 2017-06-03 11:05 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-06-14 21:51 - 2017-06-03 11:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetcfg.dll
2017-06-14 21:51 - 2017-06-03 11:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-14 21:51 - 2017-06-03 11:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 21:51 - 2017-06-03 11:04 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 21:51 - 2017-06-03 11:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 21:51 - 2017-06-03 11:03 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-06-14 21:51 - 2017-06-03 11:02 - 02997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-14 21:51 - 2017-06-03 11:01 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-14 21:51 - 2017-06-03 11:00 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-14 21:51 - 2017-06-03 10:58 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-06-14 21:51 - 2017-06-03 10:56 - 13091840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-14 21:51 - 2017-06-03 10:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-06-14 21:51 - 2017-06-03 10:53 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-14 21:51 - 2017-06-03 10:52 - 03403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-14 21:51 - 2017-06-03 10:52 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-06-14 21:51 - 2017-06-03 10:52 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 21:51 - 2017-06-03 10:52 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-06-14 21:51 - 2017-06-03 10:51 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-06-14 21:51 - 2017-06-03 10:51 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-06-14 21:51 - 2017-06-03 10:50 - 04744704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 21:51 - 2017-06-03 10:50 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-14 21:51 - 2017-06-03 10:49 - 03615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-14 21:51 - 2017-06-03 10:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 21:51 - 2017-06-03 10:49 - 02475520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 21:51 - 2017-06-03 10:49 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-14 21:51 - 2017-06-03 10:49 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 21:51 - 2017-06-03 10:49 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-14 21:51 - 2017-06-03 10:49 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 21:51 - 2017-06-03 10:49 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll
2017-06-14 21:51 - 2017-06-03 10:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-14 21:51 - 2017-06-03 10:48 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-14 21:51 - 2017-06-03 10:48 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 21:51 - 2017-06-03 10:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-06-14 21:51 - 2017-06-03 10:46 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-14 21:51 - 2017-06-03 10:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-14 21:51 - 2017-06-03 08:08 - 00080078 _____ C:\WINDOWS\system32\normidna.nls
2017-06-14 21:51 - 2017-05-25 07:56 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-06-14 21:51 - 2017-03-04 08:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-06-14 21:51 - 2017-03-04 08:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-06-14 21:51 - 2017-03-04 08:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-06-14 21:51 - 2017-03-04 08:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-06-14 21:51 - 2016-09-07 06:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-06-13 04:26 - 2017-06-13 04:26 - 00195496 _____ C:\WINDOWS\system32\Drivers\cytdsk.sys
2017-06-12 13:55 - 2017-06-12 13:55 - 00048944 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-06-12 13:52 - 2017-06-12 13:52 - 00045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-06-12 13:52 - 2017-06-12 13:52 - 00045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-06-12 13:52 - 2017-06-12 13:52 - 00045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-06-09 23:55 - 2017-06-09 23:55 - 00000000 ____D C:\Users\admin\Documents\The KMPlayer
2017-06-07 23:05 - 2017-06-15 23:01 - 00000000 ____D C:\GOG Games
2017-05-19 23:58 - 2017-05-19 23:58 - 00000000 ____D C:\Users\roman\AppData\Roaming\Ubisoft

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-18 21:11 - 2016-07-20 15:55 - 00000000 ____D C:\Users\roman\AppData\Local\ClassicShell
2017-06-18 21:09 - 2016-07-20 14:38 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-18 21:01 - 2016-08-02 22:01 - 01088178 _____ C:\WINDOWS\system32\perfh01B.dat
2017-06-18 21:01 - 2016-08-02 22:01 - 00333132 _____ C:\WINDOWS\system32\perfc01B.dat
2017-06-18 21:01 - 2016-07-20 14:04 - 02967932 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-18 20:58 - 2016-11-22 23:35 - 00000000 ____D C:\Users\roman\AppData\LocalLow\Mozilla
2017-06-18 20:58 - 2016-11-13 20:43 - 00000000 ____D C:\Users\roman
2017-06-18 20:57 - 2016-11-13 20:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-18 20:57 - 2016-11-13 20:42 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-06-18 20:09 - 2016-10-12 01:32 - 00001762 _____ C:\Users\roman\Desktop\Chemat.lnk
2017-06-18 20:09 - 2016-07-20 14:16 - 00000000 ____D C:\Program Files\KMSpico
2017-06-18 19:41 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-18 00:36 - 2016-12-27 02:25 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-18 00:36 - 2016-07-25 23:36 - 00026192 _____ (Windows (R) Server 2003 DDK provider) C:\WINDOWS\gdrv.sys
2017-06-18 00:35 - 2016-07-20 17:06 - 00000000 ____D C:\Users\admin\AppData\Local\ClassicShell
2017-06-18 00:32 - 2017-03-01 00:26 - 00000000 ____D C:\Users\admin\AppData\LocalLow\Mozilla
2017-06-18 00:30 - 2016-07-20 18:30 - 00000000 ____D C:\Users\admin\AppData\Local\Dropbox
2017-06-18 00:29 - 2016-11-13 20:43 - 00000000 ____D C:\Users\admin
2017-06-18 00:29 - 2016-07-20 14:05 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-18 00:29 - 2016-07-20 14:05 - 00000000 ____D C:\Users\admin\AppData\Local\Packages
2017-06-18 00:28 - 2016-11-13 20:42 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-18 00:15 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\registration
2017-06-18 00:06 - 2016-07-20 17:17 - 00000000 ____D C:\Users\admin\AppData\Roaming\DAEMON Tools Lite
2017-06-17 23:53 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2017-06-17 23:18 - 2017-04-26 21:56 - 00000000 ____D C:\Program Files\Thief - Deadly Shadows
2017-06-17 23:18 - 2016-12-29 23:31 - 00000000 ____D C:\Program Files\HandBrake
2017-06-17 23:18 - 2016-08-02 21:26 - 00000000 ____D C:\Program Files\Bethesda Softworks
2017-06-17 23:18 - 2016-07-20 17:33 - 00003584 __RSH C:\ProgramData\ntuser.pol
2017-06-17 23:18 - 2016-07-16 13:47 - 00000000 ___RD C:\Program Files\Windows Defender
2017-06-17 23:18 - 2015-07-10 13:04 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-06-17 23:02 - 2016-07-25 23:36 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-06-17 11:04 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-16 20:53 - 2016-07-20 17:10 - 00000000 ____D C:\Users\roman\AppData\Roaming\vlc
2017-06-16 20:44 - 2016-07-20 16:20 - 00000646 _____ C:\Users\roman\Desktop\seriály.txt
2017-06-16 11:32 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\rescache
2017-06-16 10:55 - 2016-08-13 23:45 - 00000000 ____D C:\Users\roman\AppData\Roaming\HandBrake
2017-06-14 22:24 - 2016-07-20 18:30 - 00000000 ____D C:\Users\roman\AppData\Local\Dropbox
2017-06-14 22:24 - 2016-07-20 18:30 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-06-14 22:19 - 2016-11-13 20:42 - 00271976 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-14 22:19 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-14 22:19 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-14 22:19 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-14 22:01 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-14 22:00 - 2016-07-20 14:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-10 23:33 - 2016-07-20 18:32 - 00000000 ___RD C:\Users\roman\Dropbox
2017-06-04 22:50 - 2016-11-22 23:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-04 22:50 - 2016-07-20 15:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-03 08:36 - 2016-07-16 13:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-03 08:36 - 2016-07-16 13:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-31 22:27 - 2016-07-20 14:40 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-05-19 23:58 - 2017-05-18 23:08 - 00000000 ____D C:\ProgramData\Ubisoft
2017-05-19 23:49 - 2017-04-12 22:27 - 00000000 ____D C:\Program Files (x86)\Ubisoft

==================== Files in the root of some directories =======

2017-01-28 18:38 - 2013-04-28 15:56 - 0396800 _____ (Codejock Software) C:\Program Files (x86)\ISSkinExW.dll
2017-01-28 18:38 - 2013-05-27 10:32 - 3011584 _____ () C:\Program Files (x86)\walmart.cjstyles
2016-07-20 22:48 - 2016-07-20 22:50 - 0000719 _____ () C:\Users\roman\AppData\Roaming\D-TEST.lnk
2016-07-20 22:33 - 2016-07-20 22:35 - 0000731 _____ () C:\Users\roman\AppData\Roaming\Downloads.lnk
2016-08-25 20:42 - 2016-08-25 20:42 - 0011299 _____ () C:\Users\roman\AppData\Local\recently-used.xbel
2017-01-31 13:53 - 2017-01-31 13:53 - 0000000 _____ () C:\Users\roman\AppData\Local\{DA527127-9175-4CC5-AFFD-FBE60BDEA432}

Some files in TEMP:
====================
2017-02-28 23:40 - 2017-02-28 23:40 - 2342632 _____ (CPUID) C:\Users\roman\AppData\Local\Temp\cpuz165.exe
2017-04-01 19:39 - 2017-04-12 21:55 - 0065536 _____ (Sony DADC Austria AG) C:\Users\roman\AppData\Local\Temp\drm_dialogs.dll
2017-04-12 21:56 - 2017-04-12 22:07 - 0208896 _____ (Sony DADC Austria AG) C:\Users\roman\AppData\Local\Temp\drm_dyndata_7340014.dll
2017-01-29 21:54 - 2017-01-29 21:54 - 0739904 _____ (Oracle Corporation) C:\Users\roman\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-04-30 18:04 - 2017-04-30 18:04 - 0739904 _____ (Oracle Corporation) C:\Users\roman\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-02-28 23:40 - 2017-02-28 23:40 - 0106496 _____ () C:\Users\roman\AppData\Local\Temp\pi.exe
2017-06-17 23:23 - 2017-06-18 20:57 - 1444000 _____ (Sysinternals - www.sysinternals.com) C:\Users\roman\AppData\Local\Temp\PROCEXP64.exe
2017-04-06 22:22 - 2017-04-06 22:22 - 0109056 _____ () C:\Users\roman\AppData\Local\Temp\remove.exe
2017-04-26 21:57 - 2017-04-26 21:57 - 0012305 _____ () C:\Users\roman\AppData\Local\Temp\SIntf16.dll
2017-04-26 21:57 - 2017-04-26 21:57 - 0020020 _____ () C:\Users\roman\AppData\Local\Temp\SIntf32.dll
2017-04-26 21:57 - 2017-04-26 21:57 - 0024748 _____ () C:\Users\roman\AppData\Local\Temp\SIntfNT.dll
2017-05-18 23:09 - 2017-05-18 23:25 - 3748145 _____ () C:\Users\roman\AppData\Local\Temp\ubi3163.tmp.exe
2017-05-27 13:42 - 2017-05-27 13:42 - 5591040 _____ () C:\Users\roman\AppData\Local\Temp\vlc-2.2.6-win64.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD. The user is not administrator

==================== End of FRST.txt ============================

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118715
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Prosím o kontrolu logu a návod na vyčitenie PC

#8 Příspěvek od Rudy »

Jde o to, že máte verzi Enterprise, což je verze dostupná pouze v multilicenci pro firmy a instituce. Takže odinstalování KMSPico vám nepomůže. Navíc ty změny jsou zalezlé hluboko v systému. Použijte, prosímn, jiné fórum, kde tato skutečnost nevadí. Víc k tomu nemám co říci.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Odpovědět